<?php
// vendors.php — list, create and edit the vendors referenced from finance expenses.
// Output is buffered so the access-denied branch can still render the shared footer before exiting.
ob_start();
require_once 'includes/header.php';

// The caller's role comes from the session; anonymous visitors are treated as 'guest'.
$role = $_SESSION['user_role'] ?? 'guest';
$roleLower = strtolower((string)$role);

// Read access requires a finance-tier or admin-tier role. Both tier helpers are optional,
// so each is probed with function_exists() before it is called.
$isFinanceTier = function_exists('isFinanceTier') && isFinanceTier($role);
$canView = $isFinanceTier || (function_exists('isAdminTier') && isAdminTier($role));
if (!$canView) {
    echo "<div class='container py-4'><div class='alert alert-danger'>Access Denied</div></div>";
    require_once 'includes/footer.php';
    exit;
}

// Write access (create/update) is limited to the roles in this list; any other viewer is read-only.
$managerRoles = ['finance', 'finance_officer', 'finance_manager'];
$canManage = in_array($roleLower, $managerRoles, true);

// Creates the vendors table on demand when the schema helper is installed.
if (function_exists('ensureVendorsTable')) {
    ensureVendorsTable();
}

// Tenant id used to scope vendor rows; null when no company helper is available.
$companyId = null;
if (function_exists('getCurrentCompanyId')) {
    $companyId = getCurrentCompanyId();
}

// Flash messages rendered above the forms further down the page.
$error = '';
$success = '';

// Database handle; presumably established by includes/header.php — verify there.
global $pdo;

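$action = trim((string)($_POST['action'] ?? ''));
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $action !== '') {
    if (!$canManage) {
        // Viewers can reach the page but must never change vendor data.
        $error = 'Access Denied';
    } else {
        // NOTE(review): no CSRF token is validated before this state-changing POST is honoured;
        // confirm that includes/header.php or a global middleware enforces one.
        try {
            $name = trim((string)($_POST['name'] ?? ''));
            $phone = trim((string)($_POST['phone'] ?? ''));
            $email = trim((string)($_POST['email'] ?? ''));
            $category = trim((string)($_POST['category'] ?? ''));
            $status = strtolower(trim((string)($_POST['status'] ?? 'active')));
            if ($status === '') {
                $status = 'active';
            }

            // Whether vendor rows carry a company_id column that has to be honoured (multi-tenant install).
            $scopeByCompany = $companyId
                && function_exists('tableHasColumn')
                && tableHasColumn('vendors', 'company_id');

            if ($name === '') {
                $error = 'Vendor name is required.';
            } elseif (!in_array($status, ['active', 'inactive'], true)) {
                // The form only offers these two values; anything else is a tampered request.
                $error = 'Invalid status.';
            } elseif ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                $error = 'Invalid email address.';
            } elseif ($action === 'create') {
                // Column names come only from this fixed list, never from the request; all values are bound.
                $cols = ['name', 'phone', 'email', 'category', 'status'];
                $vals = [
                    $name,
                    $phone !== '' ? $phone : null,
                    $email !== '' ? $email : null,
                    $category !== '' ? $category : null,
                    $status,
                ];
                if ($scopeByCompany) {
                    $cols[] = 'company_id';
                    $vals[] = $companyId;
                }
                $placeholders = implode(',', array_fill(0, count($cols), '?'));
                $sql = 'INSERT INTO vendors (' . implode(',', $cols) . ') VALUES (' . $placeholders . ')';
                $pdo->prepare($sql)->execute($vals);
                $success = 'Vendor created.';
            } elseif ($action === 'update') {
                $id = (int)($_POST['id'] ?? 0);

                // Tenant isolation: the target row must belong to this company (or be an unscoped
                // legacy row) — the same predicate the listing applies. Without it any finance user
                // could edit another company's vendor simply by posting its id.
                $lookupSql = 'SELECT id FROM vendors WHERE id = ?';
                $lookupParams = [$id];
                if ($scopeByCompany) {
                    $lookupSql .= ' AND (company_id = ? OR company_id IS NULL)';
                    $lookupParams[] = $companyId;
                }
                $exists = false;
                if ($id > 0) {
                    $lookup = $pdo->prepare($lookupSql . ' LIMIT 1');
                    $lookup->execute($lookupParams);
                    $exists = $lookup->fetchColumn() !== false;
                }

                if (!$exists) {
                    $error = 'Invalid vendor.';
                } else {
                    $sql = 'UPDATE vendors SET name = ?, phone = ?, email = ?, category = ?, status = ? WHERE id = ?';
                    $params = [
                        $name,
                        $phone !== '' ? $phone : null,
                        $email !== '' ? $email : null,
                        $category !== '' ? $category : null,
                        $status,
                        $id,
                    ];
                    if ($scopeByCompany) {
                        // Repeat the scope on the UPDATE itself so the lookup above cannot be raced.
                        $sql .= ' AND (company_id = ? OR company_id IS NULL)';
                        $params[] = $companyId;
                    }
                    $pdo->prepare($sql)->execute($params);
                    $success = 'Vendor updated.';
                }
            } else {
                $error = 'Unknown action.';
            }
        } catch (Throwable $e) {
            // Record the real cause for operators; the user only sees a generic message so that
            // driver and schema details are not leaked into the page.
            error_log('vendors.php: failed to save vendor: ' . $e->getMessage());
            $error = 'Failed to save vendor.';
        }
    }
}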

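$q = trim((string)($_GET['q'] ?? ''));
$categoryFilter = trim((string)($_GET['category'] ?? ''));
$statusFilter = trim((string)($_GET['status'] ?? ''));
$rows = [];
$editRow = null;

// Vendor listing filtered by the GET parameters above. Every user-supplied value is bound as a
// parameter; the SQL text itself is assembled only from fixed fragments.
try {
    $where = [];
    $params = [];
    if ($companyId && function_exists('tableHasColumn') && tableHasColumn('vendors', 'company_id')) {
        // Tenant scope: this company's vendors plus unscoped legacy rows.
        $where[] = '(company_id = ? OR company_id IS NULL)';
        $params[] = $companyId;
    }
    if ($q !== '') {
        // Case-insensitive substring search across name, phone and email. '%' and '_' inside the
        // term are not escaped, so they behave as LIKE wildcards.
        $like = '%' . strtolower($q) . '%';
        $where[] = "(LOWER(name) LIKE ? OR LOWER(COALESCE(phone,'')) LIKE ? OR LOWER(COALESCE(email,'')) LIKE ?)";
        array_push($params, $like, $like, $like);
    }
    if ($categoryFilter !== '') {
        $where[] = "LOWER(TRIM(COALESCE(category,''))) = ?";
        $params[] = strtolower($categoryFilter);
    }
    if ($statusFilter !== '') {
        $where[] = 'LOWER(TRIM(status)) = ?';
        $params[] = strtolower($statusFilter);
    }
    $sql = 'SELECT id, name, phone, email, category, status, created_at, updated_at FROM vendors';
    if ($where !== []) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $sql .= ' ORDER BY name ASC, id DESC';
    $st = $pdo->prepare($sql);
    $st->execute($params);
    $rows = $st->fetchAll(PDO::FETCH_ASSOC) ?: [];
} catch (Throwable $e) {
    // A query failure degrades to an empty list; log the cause so it is not silently lost.
    error_log('vendors.php: vendor listing query failed: ' . $e->getMessage());
    $rows = [];
}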

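$categories = [];
// Distinct category values for the filter dropdown, under the same tenant scope as the listing.
try {
    $sql = 'SELECT DISTINCT category FROM vendors';
    $params = [];
    if ($companyId && function_exists('tableHasColumn') && tableHasColumn('vendors', 'company_id')) {
        $sql .= ' WHERE (company_id = ? OR company_id IS NULL)';
        $params[] = $companyId;
    }
    $sql .= ' ORDER BY category ASC';
    $st = $pdo->prepare($sql);
    $st->execute($params);
    $cats = $st->fetchAll(PDO::FETCH_COLUMN) ?: [];
    // NULL and blank categories are dropped; the trimmed text is what the dropdown shows.
    $trimmed = array_map(static fn ($c): string => trim((string)$c), $cats);
    $categories = array_values(array_filter($trimmed, static fn (string $c): bool => $c !== ''));
} catch (Throwable $e) {
    // Degrade to an empty dropdown but keep a trace of the failure for operators.
    error_log('vendors.php: category query failed: ' . $e->getMessage());
    $categories = [];
}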

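$editId = (int)($_GET['edit_id'] ?? 0);
// Pre-fill row for the edit form. Only finance roles can edit, so it is fetched only for them.
if ($editId > 0 && $canManage) {
    try {
        $sql = 'SELECT id, name, phone, email, category, status FROM vendors WHERE id = ?';
        $params = [$editId];
        if ($companyId && function_exists('tableHasColumn') && tableHasColumn('vendors', 'company_id')) {
            // Same tenant scope as the listing: a vendor id from another company is not editable here.
            $sql .= ' AND (company_id = ? OR company_id IS NULL)';
            $params[] = $companyId;
        }
        $st = $pdo->prepare($sql . ' LIMIT 1');
        $st->execute($params);
        $editRow = $st->fetch(PDO::FETCH_ASSOC) ?: null;
    } catch (Throwable $e) {
        error_log('vendors.php: failed to load vendor for edit: ' . $e->getMessage());
        $editRow = null;
    }
}
?>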

<div class="container-fluid px-4">
    <div class="d-flex justify-content-between align-items-center flex-wrap gap-2 mt-4 mb-3">
        <div>
            <h1 class="h3 mb-1 text-gray-800"><i class="fa-solid fa-user-tie me-2"></i>Vendors</h1>
            <div class="text-muted small">Add and manage vendors used on expenses.</div>
        </div>
        <div class="d-flex gap-2">
            <a href="finance-expenses.php" class="btn btn-outline-secondary">Back to Expenses</a>
        </div>
    </div>

    <?php // Flash messages set by the POST handler above; both are HTML-escaped before output. ?>
    <?php if ($error !== ''): ?>
        <div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
    <?php endif; ?>
    <?php if ($success !== ''): ?>
        <div class="alert alert-success"><?= htmlspecialchars($success) ?></div>
    <?php endif; ?>

    <?php // Left column: create/edit form (finance roles only). Right column: filters and the vendor table. ?>
    <div class="row g-3">
        <div class="col-12 col-lg-4">
            <div class="card shadow-sm border-0">
                <div class="card-body">
                    <div class="fw-bold mb-2"><?= $editRow ? 'Edit Vendor' : 'Add Vendor' ?></div>
                    <?php if (!$canManage): ?>
                        <div class="alert alert-warning mb-0">Only finance roles can add or edit vendors.</div>
                    <?php else: ?>
                        <?php // The hidden "action" field selects the create/update branch of the POST handler;
                              // every pre-filled value goes through htmlspecialchars (ENT_QUOTES by default on PHP 8.1+). ?>
                        <form method="POST" class="row g-2">
                            <input type="hidden" name="action" value="<?= $editRow ? 'update' : 'create' ?>">
                            <?php if ($editRow): ?>
                                <input type="hidden" name="id" value="<?= (int)$editRow['id'] ?>">
                            <?php endif; ?>
                            <div class="col-12">
                                <label class="form-label small text-muted fw-bold">Name</label>
                                <input type="text" name="name" class="form-control" value="<?= htmlspecialchars((string)($editRow['name'] ?? '')) ?>" required>
                            </div>
                            <div class="col-12 col-md-6">
                                <label class="form-label small text-muted fw-bold">Phone</label>
                                <input type="text" name="phone" class="form-control" value="<?= htmlspecialchars((string)($editRow['phone'] ?? '')) ?>">
                            </div>
                            <div class="col-12 col-md-6">
                                <label class="form-label small text-muted fw-bold">Email</label>
                                <input type="email" name="email" class="form-control" value="<?= htmlspecialchars((string)($editRow['email'] ?? '')) ?>">
                            </div>
                            <div class="col-12 col-md-6">
                                <label class="form-label small text-muted fw-bold">Category</label>
                                <input type="text" name="category" class="form-control" value="<?= htmlspecialchars((string)($editRow['category'] ?? '')) ?>" placeholder="e.g. Contractor">
                            </div>
                            <div class="col-12 col-md-6">
                                <label class="form-label small text-muted fw-bold">Status</label>
                                <?php $sVal = (string)($editRow['status'] ?? 'active'); ?>
                                <select name="status" class="form-select">
                                    <option value="active" <?= strtolower($sVal) === 'active' ? 'selected' : '' ?>>Active</option>
                                    <option value="inactive" <?= strtolower($sVal) === 'inactive' ? 'selected' : '' ?>>Inactive</option>
                                </select>
                            </div>
                            <div class="col-12 d-flex gap-2">
                                <button type="submit" class="btn btn-primary"><?= $editRow ? 'Save Changes' : 'Add Vendor' ?></button>
                                <?php if ($editRow): ?>
                                    <a href="vendors.php" class="btn btn-light border">Cancel</a>
                                <?php endif; ?>
                            </div>
                        </form>
                    <?php endif; ?>
                </div>
            </div>
        </div>

        <div class="col-12 col-lg-8">
            <div class="card shadow-sm border-0">
                <div class="card-body">
                    <?php // GET filter form; current values are echoed back into the inputs, escaped. ?>
                    <form method="GET" class="row g-2 align-items-end mb-3">
                        <div class="col-12 col-md-5">
                            <label class="form-label small text-muted fw-bold">Search</label>
                            <input type="text" name="q" class="form-control" value="<?= htmlspecialchars($q) ?>" placeholder="Name / phone / email...">
                        </div>
                        <div class="col-12 col-md-3">
                            <label class="form-label small text-muted fw-bold">Category</label>
                            <select name="category" class="form-select">
                                <option value="">All</option>
                                <?php foreach ($categories as $c): ?>
                                    <option value="<?= htmlspecialchars($c) ?>" <?= strtolower($categoryFilter) === strtolower($c) ? 'selected' : '' ?>><?= htmlspecialchars($c) ?></option>
                                <?php endforeach; ?>
                            </select>
                        </div>
                        <div class="col-12 col-md-2">
                            <label class="form-label small text-muted fw-bold">Status</label>
                            <select name="status" class="form-select">
                                <option value="">All</option>
                                <option value="active" <?= strtolower($statusFilter) === 'active' ? 'selected' : '' ?>>Active</option>
                                <option value="inactive" <?= strtolower($statusFilter) === 'inactive' ? 'selected' : '' ?>>Inactive</option>
                            </select>
                        </div>
                        <div class="col-12 col-md-2 d-flex gap-2 justify-content-end">
                            <a href="vendors.php" class="btn btn-outline-secondary">Reset</a>
                            <button type="submit" class="btn btn-primary">Search</button>
                        </div>
                    </form>

                    <div class="table-responsive">
                        <table class="table table-striped align-middle mb-0">
                            <thead>
                                <tr>
                                    <th>Name</th>
                                    <th>Category</th>
                                    <th>Phone</th>
                                    <th>Email</th>
                                    <th>Status</th>
                                    <th class="text-end">Action</th>
                                </tr>
                            </thead>
                            <tbody>
                                <?php // Every cell is escaped with htmlspecialchars; the edit link id is cast to int. ?>
                                <?php if (empty($rows)): ?>
                                    <tr><td colspan="6" class="text-muted fst-italic py-4">No vendors found.</td></tr>
                                <?php else: ?>
                                    <?php foreach ($rows as $r): ?>
                                        <?php $id = (int)($r['id'] ?? 0); ?>
                                        <tr>
                                            <td class="fw-semibold"><?= htmlspecialchars((string)($r['name'] ?? '')) ?></td>
                                            <td><?= htmlspecialchars((string)($r['category'] ?? '')) ?></td>
                                            <td><?= htmlspecialchars((string)($r['phone'] ?? '')) ?></td>
                                            <td><?= htmlspecialchars((string)($r['email'] ?? '')) ?></td>
                                            <td><?= htmlspecialchars((string)($r['status'] ?? '')) ?></td>
                                            <td class="text-end">
                                                <?php if ($canManage): ?>
                                                    <a class="btn btn-sm btn-outline-primary" href="vendors.php?edit_id=<?= $id ?>">Edit</a>
                                                <?php else: ?>
                                                    <span class="text-muted">—</span>
                                                <?php endif; ?>
                                            </td>
                                        </tr>
                                    <?php endforeach; ?>
                                <?php endif; ?>
                            </tbody>
                        </table>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>

<?php require_once 'includes/footer.php'; ?>

